Lucene search
K

213 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 12:1 a.m.24 views

Publify has Improper Access Controls

A low-privileged user can modify and delete admin articles by changing the value of the articleid parameter prior to 9.2.9...

9.9CVSS5.1AI score0.00786EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/05/24 12:1 a.m.13 views

GHSA-3HWX-C6CP-Q972 Publify vulnerable to cross site scripting

Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file. Stored XSS may be obtained...

9.1CVSS5AI score0.00715EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/24 12:1 a.m.29 views

Publify vulnerable to cross site scripting

Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file. Stored XSS may be obtained...

9.1CVSS5.2AI score0.00715EPSS
Exploits1References5Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.19 views

Cross site scripting in publify

Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file. Stored XSS may be obtained...

9.1CVSS0.7AI score0.00715EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.17 views

Cross site scripting in publify

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with 'publisher' role to inject malicious JavaScript via the uploaded html file...

5.4CVSS2AI score0.00578EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.23 views

Cross site scripting in publify

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a 'publisher' role is able to inject and execute arbitrary JavaScript code while creating a page/article...

5.4CVSS3.3AI score0.00578EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.18 views

Improper Access Control in publify

A low-privileged user can modify and delete admin articles just by changing the value of the articleid parameter prior to 9.2.9...

9.9CVSS2.8AI score0.00786EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/23 4:16 p.m.5 views

CVE-2022-1811

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9...

9.1CVSS6.8AI score0.00715EPSS
Exploits1References3
NVD
NVD
added 2022/05/23 4:16 p.m.37 views

CVE-2022-1811

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9...

9.1CVSS0.00715EPSS
Exploits1References2
Prion
Prion
added 2022/05/23 4:16 p.m.15 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9...

3.5CVSS5.5AI score0.00715EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/05/23 1:30 p.m.16 views

CVE-2022-1811 Unrestricted Upload of File with Dangerous Type in publify/publify

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9...

9.1CVSS7.5AI score0.00715EPSS
Exploits1References4
CVE
CVE
added 2022/05/23 1:30 p.m.113 views

CVE-2022-1811

CVE-2022-1811 applies to Publify/Publify prior to 9.2.9. The vulnerability is an unrestricted upload of a file with a dangerous type due to insufficient validation of uploaded files in the application, enabling potential remote code execution. Affected software: Publify (GitHub repo publify/publi...

9.1CVSS5.8AI score0.00715EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/23 12:16 p.m.7 views

CVE-2022-1810

Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9...

9.9CVSS6.8AI score0.00786EPSS
Exploits1References3
NVD
NVD
added 2022/05/23 12:16 p.m.20 views

CVE-2022-1810

Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9...

9.9CVSS0.00786EPSS
Exploits1References2
Prion
Prion
added 2022/05/23 12:16 p.m.11 views

Authorization

Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9...

4CVSS4.5AI score0.00786EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/05/23 12:0 a.m.16 views

CVE-2022-1810 Authorization Bypass Through User-Controlled Key in publify/publify

Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9...

9.9CVSS7AI score0.00786EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/05/23 12:0 a.m.6 views

Publify 访问控制错误漏洞

Publify is a simple but full-featured web publishing software.An access control error vulnerability exists in versions of Publify prior to 9.2.9, which stems from incorrect access control. An attacker could exploit this vulnerability to allow an unprivileged user to modify/delete an administrator...

9.9CVSS5.6AI score0.00786EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/05/23 12:0 a.m.35 views

CVE-2022-1810 Authorization Bypass Through User-Controlled Key in publify/publify

Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9...

9.9CVSS4.9AI score0.00786EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/05/23 12:0 a.m.7 views

Publify 代码问题漏洞

Publify is a simple but full-featured web publishing software.An arbitrary file upload vulnerability exists in versions of Publify prior to 9.2.9, which stems from the application's lack of validation of uploaded files. An attacker could exploit this vulnerability to upload malicious files to...

9.1CVSS6AI score0.00715EPSS
Exploits1References4
CVE
CVE
added 2022/05/23 12:0 a.m.90 views

CVE-2022-1810

CVE-2022-1810 affects Publify/publify before 9.2.9, where an authorization bypass is possible through a user-controlled key. The issue concerns access control of admin content, enabling a low-privilege user to modify/delete administrator posts. Affected product: Publify web publishing software. R...

9.9CVSS4.9AI score0.00786EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder